
SNMP Security

18.10.2025

SNMP (Simple Network Management Protocol) consists of three essential parts:

  • Agents: software pre-installed by the manufacturer on managed devices (e.g. routers, switches, workstations) that acts as the interface between SNMP and the configuration of each device.
  • Manager (administrator): the Network Management System based on SNMP, which queries (or configures) the variables of all network devices by interacting with the agent of each managed device.
  • MIB (Management Information Base): the set of specifications for a network device, organized hierarchically as a tree, where the root holds the most global variables describing what happens on the network and the leaves hold the detailed information of each managed host. In use, the manager or network management system collects data by accessing the information on the devices through the agents, using SNMP.

It should be noted that the mechanisms used to define the information related to devices managed over SNMP have hardly changed since the protocol appeared at the end of the 1980s. This is mainly due to the flexibility of the protocol: its design allows it to use information defined by other protocols, or even by different versions of the same protocol.

Security Threats

SNMP provides mechanisms for accessing a hierarchical information base that consists of a set of variables. There are two types of access to this information: read-only access which allows you to see the values associated with each variable, and read & write access which allows you to modify these values.

Access to the devices was implemented in the first version of SNMP through a string called "community name" used as a simple information access control mechanism, which can be configured by the system administrator.

All the security provided by the system is based on the fact that it is necessary to know the community name assigned to a device in order to get access to the information provided by its variables.

The level of protection offered by the original SNMP version is therefore very weak. What's more, the community names included in SNMP messages are sent over the network in plain text, so they can be obtained by passive attacks such as eavesdropping on the network.

In addition, the use of community names configured by default on devices is widespread, so that a user outside the system can get a lot of information about it using the SNMP protocol.

To increase the security of the protocol, changes to its first version were necessary: introducing authentication, integrity and privacy, and improving the control of access to information, in order to prevent threats such as modification or reordering of messages in transit, masquerading, eavesdropping and other passive attacks.

Evolution towards SNMPv2

The first real attempt to provide SNMP with a certain degree of security was the version called SNMPsec. The elements introduced in that version are the basis of all subsequent versions and are still used today.

The main innovations provided by SNMPsec are the unambiguous identification of entities involved in SNMP communications, which allows for major improvements and greater flexibility in access control, as well as the use of cryptographic mechanisms that enabled authentication, message integrity and privacy.

This version introduces the following concepts, among others:

  • SNMP party: a virtual execution context whose operations are restricted to those allowed on the device.
  • Access control policy: the set of SNMP operations or messages that are allowed between two parties taking part in a management communication.
  • Authentication protocol: used to authenticate messages and to check their integrity. The MD5 algorithm is normally used: a hash is computed over the message and the resulting digest is included in the transmitted data.
  • Privacy protocol: used to protect communications from eavesdropping. The DES symmetric encryption algorithm is often used.

The SNMPsec version was initially adopted with the introduction of version 2 of SNMP and renamed to SNMPv2p (Party-based SNMPv2).

Later, the SNMPv2 framework, whose definition does not contain any standard in terms of security, was associated with other management models regarding security, and three new versions of the protocol appeared: SNMPv2c, SNMPv2u and SNMPv2*.

SNMPv2c (Community-based SNMPv2) uses the same management model as the first SNMP version and does not include security mechanisms of its own. The only improvement introduced is greater flexibility of the access control mechanisms: it allows defining access policies that associate a community name with a community profile, formed by a MIB view and the access rights to that view (read or read/write).

SNMPv2* provided adequate levels of security, but did not reach the required level of standardization and acceptance.

Finally, SNMPv2u (User-based SNMPv2) reuses the concepts introduced in SNMPsec while introducing the concept of a user. Communications are carried out under the identity of a user instead of the party concept of previous versions, so the same user can be defined in several different SNMP entities.

SNMP version 3

The main novelty introduced in version 3 of SNMP is modularity. An SNMP entity is considered to be composed of several modules: a notification originator, a message processor, a security subsystem and an access control subsystem.

This way, the mechanisms used in SNMPv3 for security (authentication and privacy) and for access control are independent. Thus, the same entity can use different models of security and access control simultaneously. This significantly increases the flexibility and interoperability of the protocol.

A standard User-based Security Model (USM) and a View-based Access Control Model (VACM) are also defined. The concepts implemented in previous versions are reused, and at the same time the modularity of the new version allows future models to be introduced independently of the present ones.

Security was one of the major weaknesses of SNMP until v3. Authentication in SNMP versions 1 and 2 was just a password (the community name) sent in plain text between manager and agent. Each SNMPv3 message instead carries encoded security parameters, whose values depend on the security model in use.

Implications and Mitigation

Denial of Service

Since SNMP is designed to allow administrators to monitor and configure network devices remotely, it can also be used to penetrate a local area network (LAN).

If SNMP is not used in a network, it should be turned off, because in addition to creating a vulnerability, it will consume the available network bandwidth and unnecessarily use processing resources.

SNMP is vulnerable to certain denial-of-service attacks, so when configuring it special attention must be paid to the access control configuration and to the IP addresses from which SNMP messages are accepted. If the SNMP managers are identified by IP address, the agent responds only to those addresses and SNMP messages from any other address are rejected.

SNMP Authentication

SNMP is available in versions 1, 2 and 3, each with its own security issues. SNMPv1 sends passwords as unencrypted text over the network, so they can be read with a packet sniffer.

SNMPv2 allows MD5 password hashing but requires configuration. This version was developed specifically to provide authentication, privacy and authorization, but only version 2c, not versions 2u and 2*, has been adopted worldwide.

SNMPv3 uses cryptographic algorithms to provide protection against unauthorized data modification and masquerade attacks. However, it may still be subject to brute-force and dictionary attacks against the authentication or encryption keys if those keys are generated from short (weak) passwords or from passwords that can be found in a dictionary. Following good practices for choosing passwords mitigates this vulnerability.
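The password-to-key derivation of the SNMPv3 User-based Security Model (RFC 3414), as an added example that is not part of the original post: the key is computed deterministically from the password and the agent's snmpEngineID (which is not secret), so the strength of the password is the whole secret behind the authentication and privacy keys. The test vector (password "maplesyrup", engine ID 00..02) is the one published in RFC 3414 Appendix A.3; the 8-character minimum is the one the USM specification requires.

```python
import hashlib

MIN_PASSWORD_LEN = 8                   # minimum length the USM specification requires

def password_to_ku(password: str, algo: str = "md5") -> bytes:
    """Expand the password to 1 MiB by repetition and hash it (RFC 3414 A.2)."""
    if len(password) < MIN_PASSWORD_LEN:
        raise ValueError("USM passwords must be at least %d characters" % MIN_PASSWORD_LEN)
    pw = password.encode()
    reps, rem = divmod(1_048_576, len(pw))
    return hashlib.new(algo, pw * reps + pw[:rem]).digest()

def localize_key(ku: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): the per-agent key used for HMAC and encryption."""
    return hashlib.new(algo, ku + engine_id + ku).digest()

def usm_localized_key(password: str, engine_id: bytes, algo: str = "md5") -> bytes:
    """Key an agent with this engine ID derives for a user configured with this password."""
    return localize_key(password_to_ku(password, algo), engine_id, algo)

def keys_differ_per_engine(password: str, engine_a: bytes, engine_b: bytes) -> bool:
    """Same password on two agents gives two distinct localized keys; the password,
    not the key, is therefore the value that must stay strong and secret."""
    return usm_localized_key(password, engine_a) != usm_localized_key(password, engine_b)

if __name__ == "__main__":
    # RFC 3414 Appendix A.3 test vector: password "maplesyrup", 12-byte engine ID ending in 02
    engine_id = bytes.fromhex("000000000000000000000002")
    print(usm_localized_key("maplesyrup", engine_id).hex())          # 526f5eed9fcce26f8964c2930787d82b
    print(usm_localized_key("maplesyrup", engine_id, "sha1").hex())  # 6695febc9288e36282235fc7151f128497b38f3f
```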

Automatic Discovery

Many SNMP implementations include automatic discovery, in which a new component added to the network is automatically detected and grouped by its IP address. In SNMPv1 and v2c this is done with a community string that is transmitted in unencrypted text to other devices.

Once the community string is known outside the organization, it can become the target of an attack. To prevent easy community discovery, SNMP should be configured to alert on community name authentication failures, and the management device should react to such failures. The security mechanisms of SNMPv3 can prevent a successful attack.
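The clear-text community string discussed in the Security Threats section and again here, as an added example that is not part of the original post: a small BER decoder that pulls the version and community out of a captured SNMPv1/v2c message and flags default names, the kind of check a monitoring rule applies before raising the authentication-failure alert described above. The sample packets and the watch-list of default community names are constructed here.

```python
DEFAULT_COMMUNITIES = {"public", "private"}   # assumed watch-list of vendor defaults

def ber_tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER element; short-form length is enough for these small PDUs."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value

def read_tlv(buf: bytes, pos: int):
    """Decode the BER element at pos -> (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated BER element")
    return tag, value, pos + length

def parse_snmp_header(pkt: bytes):
    """Return (version, community); community is None for SNMPv3 messages."""
    tag, body, _ = read_tlv(pkt, 0)
    if tag != 0x30:
        raise ValueError("SNMP message must start with a SEQUENCE")
    tag, ver, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("missing version INTEGER")
    version = int.from_bytes(ver, "big")               # 0 = v1, 1 = v2c, 3 = v3
    if version == 3:
        return version, None                           # v3 carries msgGlobalData here
    tag, community, _ = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("missing community OCTET STRING")
    return version, community.decode("latin-1")

def assess(pkt: bytes) -> list:
    """Findings a monitoring check would raise for one captured SNMP message."""
    version, community = parse_snmp_header(pkt)
    findings = []
    if community is not None:
        findings.append("community sent in clear text (SNMPv%s)" % ("1" if version == 0 else "2c"))
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append("default community name %r" % community)
    return findings

def build_message(version: int, community: str) -> bytes:
    """Constructed v1 (version=0) / v2c (version=1) GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0)."""
    varbind = ber_tlv(0x30, ber_tlv(0x06, bytes.fromhex("2b06010201010100")) + ber_tlv(0x05, b""))
    pdu = ber_tlv(0xA0, ber_tlv(0x02, b"\x01") + ber_tlv(0x02, b"\x00") + ber_tlv(0x02, b"\x00")
                  + ber_tlv(0x30, varbind))            # request-id 1, error-status 0, error-index 0
    return ber_tlv(0x30, ber_tlv(0x02, bytes([version])) + ber_tlv(0x04, community.encode()) + pdu)
```

Running `assess(build_message(0, "public"))` reports both the clear-text transport and the default name, while a v2c message with a non-default community is flagged only for the clear-text transport.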

Summary

The level of protection offered by the original SNMP version does not meet today's requirements. If management is based on this version, it is essential to be aware of the risks involved, due to the sensitivity of the information accessible through this protocol.

Later versions of the protocol use cryptographic mechanisms to provide greater security in communications. The use of those versions involves more complex configuration of the system, but the resulting level of security is much higher.

Protelion technology uses SNMP in various products. In all of them particular attention is paid to security, which is based on technology-generated symmetric encryption keys that ensure the encryption of data sent using the protocol.
